Slashdot Mirror


Apple Addresses a Bug That Caused Disk Utility in macOS High Sierra To Expose Passwords of Encrypted APFS Volumes (macrumors.com)

Joe Rossignol, writing for MacRumors: Brazilian software developer Matheus Mariano appears to have discovered a significant Disk Utility bug that exposes the passwords of encrypted Apple File System volumes in plain text on macOS High Sierra. Mariano added a new encrypted APFS volume to a container, set a password and hint, and unmounted and remounted the container in order to force a password prompt for demonstration purposes. Then, he clicked the "Show Hint" button, which revealed the full password in plain text rather than the hint. [...] Apple has addressed this bug by releasing a macOS High Sierra 10.13 Supplemental Update, available from the Updates tab in the Mac App Store.

3 of 85 comments

  1. Re:The bug is in Disk Utility GUI volume creation by Anonymous Coward · Score: 2, Insightful

    How is it able to show the plain text password to begin with? Sounds like the password isn't hashed or encrypted itself to begin with and stored as plaintext somewhere. The system shouldn't know what the password is.

  2. Re: The bug is in Disk Utility GUI volume creation by Brockmire · Score: 1, Insightful

    If you don't fucking know, no one gives a shit what your guess is.

  3. Re: The bug is in Disk Utility GUI volume creation by Brockmire · Score: 3, Insightful

    Typical at Apple, where shit like "GotoFail" is a regular occurrence. Shitty developers with nonreviewed code in important security places, no QA and test procedures... bugs can show up in corner cases, but not in THE FUCKING USE CASE. Who the fuck is running things over there?